With UK firms losing £18 billion in revenue from cyberattacks in 2015 alone1, IT experts are warning companies that social engineering presents a bigger threat to businesses than hacking, spamming or DDOS attacks.
According to Jason Fry, Managing Director at PAV I.T. Services – a company that works with clients across the UK providing technical solutions including training to prevent hacking and data security breaches – social engineering, a series of con techniques designed to extract key information from unwitting individuals, is becoming increasingly sophisticated, and consequently more damaging, than other forms of online fraud.
“Fraudsters are simply on the lookout for information. It’s not about obtaining banking or credit card details, but gathering the right information to dupe their targets in a more intricate way.
“The most vulnerable area for companies is inadequate email protection when collating customer information. If scammers are able to gather this information they can then use it for monetary gain. For example, when companies require a deposit for a product or service.”
The weakest link for the majority of businesses tends to be employees who have received little in the way of training to spot the potential pitfalls or are simply unaware of the techniques used by social engineering fraudsters.
“Both companies and their customers need to be educated about the issues which arise from human naivity. A robust security policy needs to include the traditional protection of systems, such as anti-virus and firewall software, but also iron clad processes need to be adopted and communicated effectively to staff to prevent information from being leaked and to reduce the likelihood of customers becoming victims of duping scams.
“The biggest risk of any online security breach is the damage to a brand’s reputation, and consequential fallout from the loss of trust from customers, so ensuring a company has the right protection in place, which is regularly reviewed and updated, is paramount to protecting them.”